ML22140A304

From kanterella
Revision as of 10:34, 29 June 2022 by StriderTol (talk | contribs) (StriderTol Bot insert)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search
birlas-hv-t7
ML22140A304
Person / Time
Issue date: 03/08/2022
From:
Office of Nuclear Reactor Regulation
To:
Office of Nuclear Reactor Regulation
References
Download: ML22140A304 (8)


Text

Hazard analysis for Nuclear Automation Defeating Digital Demons Technical Session #T7 Questions for the panel discussion

Question 1 For a safety-critical function, such as reactor protection :

Can a hazard analysis based on state-of-the-art methods show that a proposed system design developed without the use of design diversity has a level of safety assurance comparable to a system developed under the current practice using design diversity?

Scope of the panel discussion

  • Loss of concern: Non-performance of the safety function when demanded.
  • Hazard: Condition with potential to cause the loss of concern.
  • Causes of concern:
  • Systemic causes (rather than random hardware failures), e.g.:
  • Unwanted interactions causing misbehaviors.
  • Invalid or implicit assumptions.
  • Methods of hazard analysis: Any relevant applicable combination.

Design diversity: Meaning for this panel discussion Item A1 Performs OutputsA1 Function A InputsA Item A2 Performs OutputsA2 Function A A1, A2 are diverse, if

  • The same common cause does not degrade the performance of A1, A2, e.g.:
  • Latent design defect.
  • Unwanted interaction, e.g.:
  • Unexpected signal (e.g.: message; data) pathways.
  • Unexpected propagation through interconnections.
  • Shared resources, e.g.:
  • Memory.
  • Computing resources.
  • Communication resources.
  • A1 does not degrade the performance of A2.
  • A2 does not degrade the performance of A1.

Hazard Analysis: Scope for this panel discussion Verification Vp Vc Vr Va Vdd Vi Vt Validation (V&V)

Requirements from System NPP Plans Concept Requirements Architecture Detailed design Implementation Testing Development Safety Analysis HAp HAc HAr HAr HAdd HAi HAi Safety Analysis

Question 1 For a safety-critical function, such as reactor protection :

Can a hazard analysis based on state-of-the-art methods show that a proposed system design developed without the use of design diversity has a level of safety assurance comparable to a system developed under the current practice using design diversity?

Question 2 Does sufficient scientific evidence exist to support the assertion that the quality of hazard analysis (needed to avoid design diversity) can be evaluated independently with consistency?

e.g.: independent verification & validation (IV&V) methods exist)

Question 3 Does sufficient scientific evidence exist to support the assertion that the conditions needed to achieve the requisite quality of hazard analysis are understood well enough and are measurable adequately?

Sub-question:

What conditions affect quality of hazard analysis critically?

Competence elements?

Cultural aspects?

What else?